Not as paranoid; I know about Word macros and the easiness of having the Word doc do other things. The PDF as an entry vector I don't know about. Doesn't mean it doesn't exist, just that I have more to learn.

chrisj wrote: [...] The PDF as an entry vector I don't know about. Doesn't mean it doesn't exist, just that I have more to learn.

In the past there were several vulnerabilities found in PDF, often also critical ones. I too would say that doc offers more space for malicious actions, though. But anyway, it would be naive to think that nothing malicious can happen when opening a PDF file.

Paranoia aside, the paper is good reading. Web apps aren't my area of expertise, but I found the information very easy to understand and, with a quick play in my lab over the weekend, very easy to put into practice.

Nice work, Evil1.

<edited> (bold) to stop me lying (typo)</edit>

Last edited by RoleReversal on Thu Jan 20, 2011 5:46 pm, edited 1 time in total.